From Vulnerability to Exploit (Joomla! SQL Injection)
James from GulfTech Research and Development coded Joomla! SQL Injection Exploit in Metasploit from SQL Injection to Remote Code Execution https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en It works for our previous disclosure of: http://yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.6.0%5D_sql_injection We thank James for his excellent working exploit that provides Proof-of-Concept for a vulnerability that Joomla! Core Developers think of as Information Disclosure Only. http://developer.joomla.org/security/news/328-20110201-core-sql-injection-path-disclosure.html